Source: Statista

The debate about squatters’ rights in the United States has been heating up to the point where it elicited a response from the Biden Administration Monday. In a statement it said that it was “critical that local governments take action” and that issues around squatters’ rights were watched by the administration but considered a local issue.

A string of high-profile squatting cases – with many centering on New York City – have made headlines recently. In February, news broke about a New York couple who had purchased a home in the suburb of Queens for long-term use of their disabled son, but was failing to evict a tenant who was a caretaker for the recently deceased former owner and had been expected to move out. However, as he had occupied the house for more than 30 days with alleged permission from the former owner, he couldn’t be easily evicted under New York City Law. In another NYC case, squatters are suspected to have killed a 52-year-old woman in March who entered her deceased mother’s apartment after having traveled from abroad to hand it over to new tenants.

In the state as a whole, this law is not on the books. Like in many states, however, New York’s squatters or adverse possession laws kick in after 10 years and allow a squatter to stake claim to a property after this time period, as seen in data published by the American Apartment Owners Association. Cases of squatters earning rights in this context are rare, but not unheard of. In 2008, Oakland man Steven DeCaprio moved into an abandoned house in the city, fixed it up and successfully sued not only for occupancy, but for ownership in a process called adverse possession. In California, five years of continuous occupation are enough to stake a claim like DeCaprio’s but the process is arduous and includes being up to date on tax payments for the property, something that local authorities might not accept.

Not taking into account the additional legal difficulties some claims under squatters rights face, California’s required occupancy period is one of the shortest in the country together with Montana’s. Periods of seven years are on the books in Arkansas, Florida, Utah and Tennessee, even though the Florida statute will change as of July 1. Washington’s required period is pushed back to seven years as well if property taxes are paid and otherwise it is 10 years, like in several other states including Texas, Oregon, Arizona and South Carolina. New Jersey and Louisiana employ the longest periods at 30 years.

Source: Statista

We all know the emails: “Dear user, please click the following link to update your credentials. Otherwise your Office 365 account will be disabled.” “Please sign the attached document” or “Please review your payment information.” And while many of those emails look legitimate at first glance, it’s always worth taking a closer look, because more often than not emails like the above are phishing attempts. Millions of people fall for these kinds of phishing attempts, especially people who haven’t grown up using the internet.

Phishing is among the most common cyber attacks, targeting both individuals and companies. The consequences of successful phishing attacks can be severe, ranging from loss of confidential information or intellectual property to breach of customer data or ransomware infection. Any of those outcomes can result in financial and reputational damages, which is why any organization should train its employees on the constantly evolving threat landscape.

In recent years, phishing mails have become a lot more sophisticated and some of them are really hard to distinguish from legitimate mails. In many cases, such attacks involve the attacker imitating a well-known company/brand – a practice commonly known as “brand phishing” – in order to exploit the trust and familiarity that users have with certain brands. According to Proofpoint’s 2024 State of the Phish report, Microsoft was the most abused brand in 2023, appearing in 68 million malicious messages, with Office 365 alone appearing in 20 million malicious mails. Other often exploited brands include Adobe, DHL and Google, albeit none of them comes close to the volume of fraudulent messages sent in the name of Microsoft.